Risk-Based vs Principles-Based vs Ex-Post Liability Regimes
risk-vs-principles-vs-liability · AI-governance meta-debate
Should AI governance work via (a) risk-based ex-ante categorisation + obligations (EU), (b) high-level principles delegated to sector regulators (UK / OECD / G7), or (c) ex-post liability + civil litigation (US sectoral)?
Why it matters
The most-fundamental architectural choice for AI governance. Determines whether: regulators classify systems before deployment vs after, statutory law is comprehensive vs sectoral, public enforcement is ex-ante vs ex-post, and which actors bear primary risk-allocation responsibility. Different regimes are largely incompatible at scale; major jurisdictions have chosen differently.
Positions (3)
Catalogued in editorial order; not ranked. Each position carries its own primary sources.
Position 1
Risk-based ex-ante (EU model)
Categorise systems by risk tier (prohibited / high-risk / limited-risk / minimal-risk). Ex-ante obligations on providers + deployers per tier. Statutory law + designated regulator. The EU AI Act is the canonical implementation.
Proponents
- European AI Office
- Council of Europe
Primary sources
Position 2
Principles-based + sector-regulator-led (UK / OECD model)
Cross-sectoral high-level principles (fairness, accountability, transparency, safety, contestability) interpreted + applied by existing sector regulators (ICO, MHRA, FCA, etc.). No standalone AI law. Faster-adapting; lower legislative cost; potentially under-enforced in cross-cutting gaps.
Proponents
Primary sources
Position 3
Ex-post liability + civil litigation (US sectoral)
No federal AI statute. Sectoral regulators (FTC, EEOC, FDA, SEC) apply existing authority to AI-mediated harms. Ex-post liability via civil litigation drives behaviour. Slower; depends on plaintiffs' bar + sectoral capacity; potentially under-deters speculative future risks.
Primary sources
Instruments shaped by this debate
Topics this debate touches
Editorial note
The three positions are largely incompatible at scale. Cross-jurisdictional operators face the deepest cost from this divergence; harmonisation work (G7 Hiroshima, OECD AI Principles, GPAI) attempts to bridge without resolving.